Re: [PATCH v1 0/3] Introduce CAP_SYS_PERFMON capability for secure Perf users groups

From: Peter Zijlstra
Date: Wed Dec 11 2019 - 10:25:13 EST


On Wed, Dec 11, 2019 at 01:52:15PM +0300, Alexey Budankov wrote:
> Undoubtedly, SELinux is a powerful, mature, whole level of functionality that
> could provide benefits not only for the perf_events subsystem. However, perf_events
> is built around capabilities to provide access control to its functionality,
> thus perf_events would require considerable rework before it could be controlled
> through SELinux.

You mean this:

da97e18458fb ("perf_event: Add support for LSM and SELinux checks")

?

> Then the adoption could also require changes to the installed
> infrastructure just for the sake of adopting an alternative access control mechanism.

This is still very much true.